In the existing code, there was no "DPP" string available to the DPP key
management type for configuration parser of wpa supplicant. When the
configuration is saved, the key management string was left out from the
config file. Fix this by adding support for writing key_mgmt=DPP option.
Signed-off-by: Rohit Damodaran <Rohit_Damodaran@comcast.com>
The previous implementation did not check that we are associated with
the sender of the GAS response before checking for PMF status. This
could have accepted Venue URL when not in associated state. Fix this by
explicitly checking for association with the responder first.
This fixes an issue that was detected, e.g., with these hwsim test case
sequences:
gas_anqp_venue_url_pmf gas_anqp_venue_url
gas_prot_vs_not_prot gas_anqp_venue_url
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Hotspot 2.0 Release 2 requires PMF to be negotiated, so enable this by
default in the network profiles created from cred blocks.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The HS 2.0 Indication element can be up to 9 octets in length, so add
two more octets to the minimum extra_ie buffer size for scanning.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Hotspot 2.0 tech spec mandates mobile device to not indicate a release
number that is greater than the release number advertised by the AP. Add
this constraint to the HS 2.0 Indication element when adding this into
(Re)Association Request frame. The element in the Probe Request frame
continues to show the station's latest supported release number.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
remove_ie() was defined within an ifdef CONFIG_FILS block while it is
now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition
there.
Fixes 8c41734e5d ("FT: Fix Reassociation Request IEs during FT protocol")
Signed-off-by: Jouni Malinen <j@w1.fi>
Also add the ChangeLog entries for both hostapd and wpa_supplicant to
describe main changes between v2.6 and v2.7.
Signed-off-by: Jouni Malinen <j@w1.fi>
libnl 3.2 release is much more likely to be used nowadays than the
versions using the older API, so uncomment this in wpa_supplicant and
hostapd defconfig.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not change the OWE group if association is rejected for any other
reason than WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED to avoid
unnecessary latency in cases where the APs reject association, e.g., for
load balancing reasons.
Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
The previous implementation ended up replacing all pending IEs prepared
for Association Request frame with the FT specific IEs (RSNE, MDE, FTE)
when going through FT protocol reassociation with the wpa_supplicant
SME. This resulted in dropping all other IEs that might have been
prepared for the association (e.g., Extended Capabilities, RM Enabled
Capabilities, Supported Operating Classes, vendor specific additions).
Fix this by replacing only the known FT specific IEs with the
appropriate values for FT protocol while maintaining other already
prepared elements.
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to handle the little endian 16-bit fields properly when building
and parsing Authentication frames.
Fixes: 5ff39c1380 ("SAE: Support external authentication offload for driver-SME cases")
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
Instead of going through the configuration exchange, reject invalid
legacy configurator parameters explicitly. Previously, configuring
legacy (psk/sae) parameters without psk/pass resulted in a config object
that used a zero length passphrase. With this change, that config object
is not sent and instead, either the initialization attempts is rejected
or the incoming initialization attempt is ignored.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When selecting SSID to start external authentication procedure also
check the key_mgmt field as several network configuration may be defined
for the same SSID/BSSID pair. The external authentication mechanism is
only available for SAE.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
The GAS client processing of the response callback for DPP did not
properly check for GAS query success. This could result in trying to
check the Advertisement Protocol information in failure cases where that
information is not available and that would have resulted in
dereferencing a NULL pointer. Fix this by checking the GAS query result
before processing with processing of the response.
Signed-off-by: Jouni Malinen <j@w1.fi>
This lets us know whether we can attempt to use FT-PSK, FT-EAP,
FT-EAP-SHA384, FT-FILS-SHA256 or FT-FILS-SHA384.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
This reverts commit adf8f45f8a.
It is basically all wrong. The Pmf property did exist, with a signature of
"s" as documented in doc/dbus.doxygen. It was synthesized from
global_fields[].
The patch added a duplicate one, with a signature of "u", in violation
of D-Bus specification and to bemusement of tools that are careful
enough:
$ busctl introspect fi.w1.wpa_supplicant1 /fi/w1/wpa_supplicant1/Interfaces/666
Duplicate property
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Make the buf_len calculation match more closely with the following
wpa_buf*() operations. The extra room from the existing elements was
apparently sufficiently large to cover this, but better add the two
octet header explicitly.
Signed-off-by: Jouni Malinen <j@w1.fi>
The maximum size of a Mesh Peering Management element in the case
of an AMPE close frame is actually 24 bytes, not 23 bytes, plus the
two bytes of the IE header (IEEE Std 802.11-2016, 9.4.2.102). Found by
inspection.
The other buffer components seem to use large enough extra room in their
allocations to avoid hitting issues with the full buffer size even
without this fix.
Signed-off-by: Bob Copeland <bobcopeland@fb.com>
use 'printf' instead of 'echo -n', to suppress the following warning:
In POSIX sh, echo flags are undefined. [SC2039]
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
Parse the OSEN IE from the AP to determine values used in the AssocReq
instead of using hardcoded cipher suites. This is needed to be able to
set the group cipher based on AP advertisement now that two possible
options exists for this (GTK_NOT_USED in separate OSEN BSS; CCMP or
GTK_NOT_USED in shared BSS case). Furthermore, this is a step towards
allowing other ciphers than CCMP to be used with OSEN.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.
For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".
For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".
This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
In case that the protocol used for association is WPA the WPA IE was
inserted before other (non vendor specific) IEs. This is not in
accordance to the standard that states that vendor IEs should be placed
after all the non vendor IEs are placed. In addition, this would cause
the low layers to fail to properly order information elements.
To fix this, if the protocol used is WPA, store the WPA IE and reinsert
it after all the non vendor specific IEs were placed.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When configuring more than 36 roaming consortiums with SET_CRED, the
stack is smashed. Fix that by correctly verifying the
num_roaming_consortiums.
Fixes: 909a948b ("HS 2.0: Add a new cred block parameter roaming_consortiums")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
An OWE AP device that supports transition mode does not transmit the
SSID of the OWE AP in its Beacon frames and in addition the OWE AP does
not reply to broadcast Probe Request frames. Thus, the scan results
matching relies only on Beacon frames from the OWE open AP which can be
missed in case the AP's frequency is actively scanned.
To improve the discovery of transition mode APs, include their SSID in
the scan command to perform an active scan for the SSIDs learned from
the open mode BSSs.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Start scans more quickly if an open BSS advertising OWE transition mode
is found, but the matching OWE BSS has not yet been seen.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit introduces a threshold for OWE transition BSS selection,
which signifies the maximum number of selection attempts (scans) done
for finding OWE BSS.
This aims to do more scan attempts for OWE BSS and eventually select the
open BSS if the selection/scan attempts for OWE BSS exceed the
configured threshold.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend wpa_supplicant to use a separate OSU_NAI information from OSU
Providers NAI List ANQP-element instead of the OSU_NAI information from
OSU Providers list ANQP-element when connecting to the shared BSS
(Single SSID) for OSU.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Explicitly set the PMF configuration to 0 (NO_MGMT_FRAME_PROTECTION) for
non-RSN associations. This specifically helps with OWE transition mode
when the network block is configured with PMF set to required, but the
BSS selected is in open mode. There is no point to try to enable PMF for
such an association.
This fixes issues with drivers that use the NL80211_ATTR_USE_MFP
attribute to set expectations for PMF use. The combination of non-RSN
connection with claimed requirement for PMF (NL80211_MFP_REQUIRED) could
cause such drivers to reject the connection in OWE transition mode.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Flush the PMKSA upon receiving assoc reject event without timeout
in the event data, to avoid trying the subsequent connections
with the old PMKID. Do not flush PMKSA if assoc reject is
received with timeout as it is generated internally from the
driver without reaching the AP.
This extends commit d109aa6cac ("SAE:
Flush PMKSA if an assoc reject without timeout is received") to handle
also the DPP AKM.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Parse the Venue URL ANQP-element payload and report it with the new
RX-VENUE-URL event messages if the query was done using PMF.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This adds the second SSID (the one used by the shared BSS) for OSU
connection when generating osu-providers.txt. External tools can use
that to configure multiple network profiles for OSU to cover the cases
where transition mode is used.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the device supports OCE features and OCE is enabled, set the relevant
scan parameters and FILS Request Parameters element with Max Channel
Time.
Signed-off-by: Roee Zamir <roee.zamir@intel.com>
Add a flag to scan parameters that enables OCE scan features. If this
flag is set the device should enable the following features as defined
in the Optimized Connectivity Experience Technical Specification v1.0:
- Overwrite FILS request Max Channel Time with actual value (clause 3.8)
- Send Probe Request frame in high rate (at least 5.5 Mbps) (clause 3.12)
- Probe Request frame Transmission Deferral and Suppression (clause 3.5)
- Accept broadcast Probe Response frame (clause 3.6)
Signed-off-by: Roee Zamir <roee.zamir@intel.com>
This enhances DPP_AUTH_INIT, DPP_CONFIGURATOR_SIGN, and SET
dpp_configurator_params to allow optional setting of the DPP groupId
string for a Connector. If the value is not set, the previously wildcard
value ("*") is used by default.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the RADIUS authentication server dropped the cached ERP keys for any
reason, FILS authentication attempts with ERP fails and the previous
wpa_supplicant implementation ended up trying to use the same keys for
all consecutive attempts as well. This did not allow recovery from state
mismatch between the ERP server and peer using full EAP authentication.
Address this by trying to use full (non-FILS) authentication when trying
to connect to an AP using the same ERP realm with FILS-enabled network
profile if the previous authentication attempt had failed. This allows
new ERP keys to be established and FILS authentication to be used again
for the consecutive connections.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Fix the typo in using WPA_DRIVER_FLAGS_QOS_MAPPING to set the QoS Map
bit in Extended Capabilities. The previous implementation ended up
adding this bit even if the driver did not actually indicate support for
the capability.
Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
Clarify that proto=RSN is used for WPA3 and add the WPA3-Personal name
for SAE and include OWE as a possible key_mgmt value.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Prefer channels that support VHT80 (and secondarily, HT40 on the same
band) over other common group channels. If no such channel is found,
prefer any channel that uses the same band so that CSA can be used. This
improves the case where a P2P GO needs to move to another channel and
there is no other reason (e.g., preferred channel from the driver or an
already used channel from a virtual interface sharing the same radio) to
pick a specific channel.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes it easier to debug why wpa_supplicant selects particular
HT/VHT parameters for AP/P2P GO mode.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The bss variable in this function might be NULL, so make the FT MDE
addition case conditional on a BSS entry being available.
Fixes: 3dc3afe298 ("FT: Add MDE to assoc request IEs in connect params")
Signed-off-by: Jouni Malinen <j@w1.fi>
The max_oper_chwidth is parsed in wpa_config_set as INT_RANGE (see
ssid_fields). The actual parsing for INT_RANGE is done by
wpa_config_parse_int which can only store the result as full integer.
max_oper_chwidth is stored as u8 (a single byte) in wpa_ssid. This means
that on little endian systems, the least significant byte of the parsed
value are really stored in the max_oper_chwidth. But on big endian
system, the only most significant byte is stored as max_oper_chwidth.
This means that 0 is always stored because the provided range doesn't
allow any other value for systems with multi-byte-wide integers.
This also means that for common systems with 4-byte-wide integers, the
remaining 3 bytes were written after the actual member of the struct.
This should not have influenced the behavior of succeeding members
because these bytes would have been part of the padding between the
members on most systems.
Increasing its size to a full int fixes the write operations outside of
the member and allows to use the max_oper_chwidth setting on big endian
systems.
Fixes: 0f29bc68d1 ("IBSS/mesh: Add support for VHT80P80 configuration")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
wpa_s->ifmsh needs to be allocated using hostapd_alloc_iface() instead
of a direct call to os_zalloc(), otherwise the linked list for station
taxonomy items remains uninitialized, leading to a crash on the first
attempt to traverse that list
Signed-off-by: Felix Fietkau <nbd@nbd.name>